Defects Fixed in 12.8.02

The following defects are fixed in stmndr 12.8.02:
casso1283
The following defects are fixed in 
SiteMinder
 12.8.02:
Policy Server
The following defects are fixed in Policy Server:
Salesforce Case Number
Internal Defect ID
Issue Description
00895222
DE331117
Policy Server incorrectly uses the Cache Value parameter value as the Recalculate value every seconds value for Response Attributes.
00977534
DE349869
Policy Server incorrectly logs the
Error 0
message though the password change is successful.
01006331
DE359153
Policy Server fails to maintain the assigned scoped administrator privileges of a user.
01187574,
01187574
DE350809,
DE385061
Policy Server incorrectly redirects SP-initiated federation transaction with Credential Handler Selector to HTTP 404.
00955340
DE345303
Policy Server fails to close or reuse file handles in Kerberos authentication, and it restarts.
01075501, 01090262
DE365165, DE374555
Policy Server crashes due to missing null check for LDAP connections.
01122105
DE371514
User authentication fails if Subject DN of a certificate has SerialNumber.
01000021
DE356875
Policy Server fails to fetch the memberof attribute for HTTP Response.
00882807
DE328194
Policy Server fails to return the complete list of groups of a user if the user is a member of more than 200 groups.
00317466, 00996795, 00976193, 01125461, 01201512
DE140714
Policy Serer fails to encode the
#
symbol.
00686204, 00752695 
DE280382
Policy Server fails to resolve a variable when POST-form variables are used in an expression.
01139377
DE375003
Policy Server returns null value for the KEY function.
01175778
DE382485
The
ActiveConfig
property is not present in the search response.
00994029
DE356432
The
smpolicysrv -stats
command displays incorrect count of current threads.
00963739
DE358884
Policy Server fails to log UserName when an agent object is deleted.
01063548
DE363080
smauditimport tool fails to insert the logs in the bulk mode into Oracle database.
01142155
DE379847
Policy Server crashes when a new Access Role has an existing Access Role as its member in Symantec Identity Manager.
01076897, 01144388
DE361888, DE376048
XPSExport returns the
Grant has no administrator
error.
01176906, 01206233
DE382680
Policy Server fails to parse the DNQualifier of Subject DN.
01160222
DE379330
Policy Server returns the following error during key generation with BackwardCompatibleMode:
An agent change key command was received that contained a set of null keys
00958980
DE360833
Policy Server fails to reset a password when it expires and returns the following error:
Your user ID password or OTP has been entered incorrectly
01210879
DE388489
Changes to Identity Mapping Objects require a Policy Server restart.
1239992
DE393374
IDENTITY_MAP function fails to work with Custom Search in IDENTITY_MAPPING Object.
01221762
DE390825
Policy Server generates core with X509 Client Certificate and Basic Authentication scheme when it is processed with a certificate that has CRL.
01169429
DE381423
Policy Server fails to evaluate user attributes in responses for objectGUID.
01214023
DE389140, DE399519
smkeytool fails to list certificates and returns the following error message:
com.netegrity.smkeydatabase.db.SmCertificateDataStoreException: Error converting to an X509Certificate object
01249751
DE395421
Policy Server fails to find certificates that have backslash (\) in Issuer DN in federation transactions and fails at signature verification.
01257305
DE396827
Policy Server stores certificate name with double quotes in policy store.
01238420
DE393777
smkeytool returns the following error when it lists certificates:
java.lang.ArrayIndexOutOfBoundsException
00481735
DE204495
The Policy Server Management thread displays the Error 9 waiting for server management messages error in the smps.log file.
00928809
DE340237
Certificate authentication fails when user certificate has Distribution Points and CRL check is enabled.
00919218
DE341996
Policy Server fails to return user attributes using the DSMAPI call.
00994201
DE354477
Kerberos constrained delegation fails if the tickets of Policy Server and Agent have expired.
01069715
DE360737
Policy Server fails to import certificates that contain Serial Number and Email into Administrative UI.
01220589
DE390156
Policy Server generates core during bulk import of logs using smauditimport.
01202679
DE390506
Policy Server fails to import a PKCS12 certificate using smkeytool.
01230350
DE392719
X509 authentication fails if Issuer DN contains a comma (,).
00936343
DE349363
Policy Server randomly shuts down and fails to automatically restart when it is integrated with Symantec Identity Manager.
01137755
DE376518
Policy Server crashes and causes memory leaks leaks when Java API is used, ACL is configured, or LDAP search is performed.
01187457
DE386327
User password change fails with the constraint violation error when it expires
01249689
DE395403, DE403048, DE403465
Policy Server fails to decode a SAML request that contains AuthnRequest in SP-initiated POST transactions.
01183355
DE383647
Custom assertion generator plug-in fails with the following error when the stax2 and woodstox libraries are used:
The assertion customization failed.n java.lang.NoSuchMethodError
00997369
DE386917, DE355385
IDENTITY_MAP function fails to work with a federation partnership.
01078368
DE366389
Administrative UI displays the user information of Legacy Federation Service Provider objects inconsistently.
01249758,
01257305,
01257310, 01257308
DE395425,
DE396827,
DE396830, DE396828
Signature verification fails for federation transactions with the No certificate found in DB error.
01249765
DE395426
Signature verification fails if Issuer DN contains a space after the RDN in federation.
01231821
DE392248
Signature verification fails with the
Invalid keyword "POSTALCODE"
error if the certificate contains POSTALCODE for federation.
Administrative UI
The following defects are fixed in Administrative UI:
Salesforce Case Number
Internal Defect ID
Issue Description
00966230
DE347653
Administrative UI fails to display the
Resource
field as a mandatory field in the
Create Rule
dialog.
00947117
DE346715
Administrative UI displays a blank screen for the OpenID Connect Client dialog if it is configured with multiple Policy Servers.
01140798, 01155912
DE376318
Administrative UI ships
struts.jar
that contains vulnerabilities.
01072883
DE362316
Administrative UI does not accept the
=
sign in the SAML Service provider attribute for legacy federation.
01125610
DE372842
Certificate cache refresh takes time if Administrative UI is configured with external authentication.
01211092
DE388493
Administrative UI fails with FATAL ERROR when Policy Server is in FIPS ONLY mode.
01101313
DE369733
Policy Server incorrectly accepts a value above the maximum limit of
Token Expiry Time
of
Refresh Token
, and fails to generate Refresh Token.
01062284, 01072836,
01188347, 01066210,
01130135
DE358687,
DE361826,
DE387496
OpenID Connect Client creation fails in Internet Explorer 11.
01075084
DE369385,
DE366632
The
java.lang.AssertionError
error occurs when a SAML Service Provider is assigned to an OCSP Configuration object type in Workspace.
01111277
DE369170
Token expiry configuration fails to accept zero (0) minutes during OpenID Connect configuration.
01068756
DE362888
Scoped Administrator fails to view federation objects in Workspace.
01214023
DE389140, DE399519
Smkeytool fails to list certificates and returns the following error message:
com.netegrity.smkeydatabase.db.SmCertificateDataStoreException: Error converting to an X509Certificate object
Federation
The following defects are fixed in Federation:
Salesforce Case Number
Internal Defect ID
Issue Description
00976110
DE351749
Multi-valued attributes fail to follow correct JSON format in OpenID Connect Provider configuration.
01167116
DE380850
SMPORTALURL is not found if an authentication request is signed at Service Provider in Service Provider-initiated federation transactions.
01172393, 01231100
DE385645
Directory attribute mapping expression fails in an OIDC claim and retrieves the memberOf attribute only from the first matched entry.
01152641
DE378541
Introspect and UserInfo Endpoints expect Client ID and Client Secret for public clients.
00739693
DE291222
User redirection to a different oAuth login fails if
OAuthStateDataCookie
already exists in the browser.
01179430
DE384070, DE391638
SP-initiated POST authentication request fails to return complete RelayState.
01187574,
01187574
DE350809,
DE385061
Policy Server incorrectly redirects SP-initiated federation transaction with Credential Handler Selector to HTTP 404.
00974284
DE349446
Policy Server fails to validate
redirect_uri
at Token Endpoint in OpenID Connect Provider configuration.
01086332
DE367265
Policy Server generates an assertion for an incorrect or non-existent certificate alias for legacy federation.
01133530
DE376531
Policy Server incorrectly allows users access to federation applications when their protection levels are lower than the configured protection levels.
01217405
DE392675
Policy Server throws the NullPointerException error for OIDC requests after it restarts.
Access Gateway
The following defects are fixed in 
Access Gateway
:
Salesforce Case Number
Internal Defect ID
Issue Description
00980480, 01121257
DE351050, DE371214
Access Gateway
crashes with the
EXCEPTION_ACCESS_VIOLATION
error when Integrated Windows Authentication is configured.
00866357, 00888455
DE322879
Access Gateway
fails to log the IP address of a client in smaccess.log if the client request navigates through the STS module.
00966223
DE348605
Access Gateway
crashes and generates core due to SspiCli.dll.
01142286
DE378246
Access Gateway
fails to honor the null condition in proxy rules.
01218576
DE390782
affwebserv.log fails to log ACO parameter names during initialization.
01225427
DE393592
Access Gateway
contains reference to i386 in the JRE path of LD_LIBRARY_PATH.
01249689
DE395403, DE403048, DE403465
Access Gateway
fails to decode a SAML request that contains AuthnRequest in SP-initiated POST transactions.
00467736
DE396601
Access Gateway
fails to decode the encoded characters before processing BadURLChars if localization is enabled.
00996571
DE355741
Access Gateway
displays the Tomcat server version information in response header.
01121257
DE371188
Access Gateway
crashes under load when Kerberos authentication is configured.
01143383,
01211168
DE375973,
DE388565
Tomcat is upgraded to Apache Tomcat 7.0.91.
01149894
01145035
DE379187
Apache is upgraded to Apache 2.4.37 and OpenSSL is upgraded to OpenSSL 1.0.2q.
01179289
DE383335
AuthRestService fails to authenticate users in Authentication and Authorization web services.
01188783
DE384991
Access Gateway
Administrative UI fails to support Local Configuration.
01124540
DE373175
Access Gateway
incorrectly sets an extra SMSAMLDAT variable after a SAML federation transaction is logged off.
01065670
DE360302
Access Gateway
fails to validate the domain of an error page.
00317466, 00996795, 00976193, 01125461, 01201512
DE140714
Access Gateway
fails to encode the
#
symbol.
00994201
DE354477
Kerberos constrained delegation fails if the tickets of Policy Server and Agent have expired.
SDK
The following defects are fixed in SDK:
Salesforce Case Number
Internal Defect ID
Issue Description
01184735, 01212552
DE383871
smagentapi.jar from SDK does not include the
com.ca.siteminder.sdk.agentapi.Util
class.
01202168
DE388069
AgentAPI.init() method receives the
java.lang.NoSuchFieldError
exception with IBM JDK.